alchm-planetary-agents-mcp

v1.0.0 suspicious
5.0
Medium Risk

Planetary Agents MCP server — converse with historical-figure personas, council-feed threads, and culinary debates from alchm.kitchen.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate risks due to potential network and shell execution vulnerabilities. While no direct evidence of malicious activity was found, the possibility of supply-chain attack cannot be entirely ruled out.

  • Moderate network risk due to asynchronous HTTP requests
  • High shell risk due to process execution capabilities
Per-check LLM notes
  • Network: Network calls are common in many packages but the use of asynchronous HTTP requests could indicate external command and control (C2) activities if not properly documented.
  • Shell: Executing processes from within a package is risky and can be indicative of malicious behavior such as creating a backdoor or performing unauthorized actions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • 4 test file(s) detected (e.g. test_admin_mcp_summary.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3511 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 41 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in gregcastro23/alchm-agents-app
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • L_TIER, } async with httpx.AsyncClient(timeout=45.0) as client: response = await client.pos
  • try: async with httpx.AsyncClient(timeout=15.0) as client: response = await client
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • s_mcp_server.py")) proc = subprocess.Popen( [sys.executable, server_path], stdin=subpro
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "gregcastro23" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alchm-planetary-agents-mcp 
Create a Python-based interactive console application named 'HistoricalCulinaryCouncil' that leverages the 'alchm-planetary-agents-mcp' package to simulate conversations with historical figures as they discuss culinary arts and recipes. This application will serve as a platform where users can engage in conversations with different personas representing famous chefs and culinary experts from history. Users will be able to ask questions, receive personalized responses, and even participate in live debate sessions about various culinary topics. Additionally, the app will feature a 'Council Feed' section where users can read about ongoing discussions and join in on the conversation. The core functionalities of the 'HistoricalCulinaryCouncil' application include:

1. **Persona Interaction**: Users can select from a list of available historical figure personas and initiate conversations. Each persona should have unique characteristics and knowledge based on their historical context.
2. **Question & Answer Session**: Users can pose questions to the selected persona, receiving detailed and historically accurate answers related to culinary practices and recipes.
3. **Debate Participation**: Users can join ongoing debate threads where multiple personas discuss controversial culinary topics, providing arguments and counterarguments based on their historical perspectives.
4. **Council Feed**: A newsfeed-like feature displaying recent and popular debates, questions, and answers, allowing users to catch up on the latest culinary discussions.
5. **Recipe Sharing**: Users can share their own recipes or variations of historical recipes, which can then be discussed by the personas.
6. **User Profiles**: Users can create profiles to save their interactions, favorite recipes, and participate more deeply in the community.

To implement these features, you will need to utilize the 'alchm-planetary-agents-mcp' package to establish connections with the historical figure personas, retrieve information, and manage interactions. Ensure the application is user-friendly, provides clear instructions, and offers a seamless experience for engaging with historical culinary wisdom.